CVE-2021-21985 · CISA KEV · EPSS p100.0%

CVE-2021-21985: VMware vCenter Server Improper Input Validation Vulnerability

VMware / vCenter Server

Description

VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. The vulnerability allows for remote code execution.

Scoring

EPSS: 100.00% probability of exploitation · percentile 100.0% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2021-11-03

(incoming) · 1

Type: KEVEntry · Target: VMware vCenter Server Improper Input Validation Vulnerability (kev-cve-2021-21985) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE · VMware vCenter Server Remote Code Execution Vulnerability
CVE · VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
CVE · VMware vCenter Server Incorrect Default File Permissions Vulnerability
CVE · VMware vCenter Server Improper Access Control
CVE · VMware vCenter Server Heap-Based Buffer Overflow Vulnerability
CVE · CVE-2025-41225
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.